I would like to subtract the quantity in my database using PHP.

part of HTML code

<label class="control-label">Medicine Name</label>
<input type="text" class="form-control" name="medname">
<label class="control-label">Quantity</label>
<input type="text" class="form-control input-sm" name="quantity">
<button type="submit" class="btn" style="background:#830006;" name="submit1">OK</button>

PHP

if (isset($_POST['submit1'])) {
  $mediname = pg_escape_string($_POST['medname']);
  $tits = pg_escape_string($_POST['quantity']);

  $quirt = ("UPDATE medicine_invent set med_stock = med_stock - $tits where med_name = $mediname");
  $sq = pg_query($quirt);
}

Please help me. I'm still a beginner at PHP. Thanks a lot.

Dario

1 Answer

If $mediname is a string you should use quotes around this var (string var)

 ("UPDATE medicine_invent 
       set med_stock = med_stock - $tits 
       where med_name = '$mediname'");

Anyway, you should not use PHP vars directly in your SQL code, to avoid SQL injection risk .. check for your framework/db driver the correct use of parameterized queries and pass the values you need using the binding param features

ScaisEdge
  • Thanks a lot sir. I got an idea now. Thank you very much. – Jason Ronda Nov 17 '17 at 07:29
  • @JasonRonda then you should give him 1+ ;) – Ravi Sharma Nov 17 '17 at 07:30
  • Hello sir, @scaisEdge then why did you not quote this => `med_stock - $tits` – Ritesh Khatri Nov 17 '17 at 08:33
  • @Rits .. the number doesn't need quotes ... the string needs quotes . .. this is the fact .. – ScaisEdge Nov 17 '17 at 08:41
  • But when I pass quotes to a number it is inserted, but why do we not use quotes here? – Ritesh Khatri Nov 17 '17 at 08:49
  • @Rits the number is inserted because the SQL engine performs a direct cast due to the fact there is an arithmetic operation involved, but for a correct use (and a correct understanding of the difference between numeric and string variables) the number var must not be written in quotes .. .. Anyway the comments of another answer are not the proper place to answer a new question .. If you need more, post a new properly documented question – ScaisEdge Nov 17 '17 at 08:54
  • No brother, I just wanted this, and many thanks -- I'm giving you an upvote, it's the same as giving you one on a new question. – Ritesh Khatri Nov 17 '17 at 10:09
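
The parameterized query the answer recommends, written with PHP's `pg_query_params` as an added example (not code from the question or the answer). The connection string, the function name `dispense_medicine`, a numeric `med_stock` column and the extra `med_stock >= $1` guard are assumptions made for illustration.

```php
<?php
// Added example: parameterized form of the UPDATE from the question.

/**
 * Subtract a quantity from the stock of one medicine.
 * dispense_medicine() is a hypothetical helper name.
 * Returns true if at least one row was updated.
 */
function dispense_medicine($conn, $medName, $rawQuantity): bool
{
    // Form fields can arrive as arrays (medname[]=x); accept plain strings only.
    if (!is_string($medName) || $medName === '') {
        return false;
    }
    // Accept only a positive whole number; rejects "", "-3", "1e3", "5 OR 1=1".
    $quantity = filter_var($rawQuantity, FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($quantity === false) {
        return false;
    }

    // $1 and $2 are placeholders: the values are sent separately from the SQL
    // text, so neither the number nor the string is quoted or escaped by hand.
    // Single-quoted PHP string, so PHP does not try to interpolate anything.
    $sql = 'UPDATE medicine_invent
               SET med_stock = med_stock - $1
             WHERE med_name = $2
               AND med_stock >= $1'; // assumption: never drive stock below zero

    $result = pg_query_params($conn, $sql, [$quantity, $medName]);
    if ($result === false) {
        error_log('stock update failed: ' . pg_last_error($conn));
        return false;
    }
    return pg_affected_rows($result) >= 1;
}

if (isset($_POST['submit1'])) {
    // Placeholder connection string; replace with your own settings.
    $conn = pg_connect('host=localhost dbname=pharmacy user=app');
    if ($conn === false) {
        http_response_code(500);
        exit;
    }
    $ok = dispense_medicine($conn, $_POST['medname'] ?? '', $_POST['quantity'] ?? '');
    echo $ok ? 'Stock updated'
             : 'Nothing updated (unknown medicine, invalid quantity, or not enough stock)';
}
```

With placeholders, a medicine name containing an apostrophe is matched as data and the `pg_escape_string` calls from the question are no longer needed.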